fix:Modify the method of obtaining DoS Detection task knowledge base(TSG-17971)
This commit is contained in:
wangchengcheng
@@ -72,20 +72,34 @@ public class FlowWriteConfig {
|
||||
|
||||
public static final int SASL_JAAS_CONFIG_FLAG = CommonConfigurations.getIntProperty("sasl.jaas.config.flag");
|
||||
|
||||
public static final String NACOS_SERVER = CommonConfigurations.getStringProperty("nacos.server.addr");
|
||||
public static final String NACOS_USERNAME = CommonConfigurations.getStringProperty("nacos.username");
|
||||
public static final String NACOS_PIN = CommonConfigurations.getStringProperty("nacos.password");
|
||||
public static final String NACOS_PUBLIC_NAMESPACE = CommonConfigurations.getStringProperty("nacos.namespace");
|
||||
public static final String NACOS_KNOWLEDGEBASE_DATA_ID = CommonConfigurations.getStringProperty("nacos.data.id");
|
||||
public static final String NACOS_PUBLIC_GROUP = CommonConfigurations.getStringProperty("nacos.group");
|
||||
public static final Integer NACOS_CONNECTION_TIMEOUT = CommonConfigurations.getIntProperty("nacos.connection.timeout");
|
||||
|
||||
|
||||
|
||||
public static final String NACOS_DOS_NAMESPACE = CommonConfigurations.getStringProperty("nacos.dos.namespace");
|
||||
public static final String NACOS_DOS_DATA_ID = CommonConfigurations.getStringProperty("nacos.dos.data.id");
|
||||
public static final String NACOS_DOS_GROUP = CommonConfigurations.getStringProperty("nacos.dos.group");
|
||||
|
||||
public static final Integer HTTP_SOCKET_TIMEOUT = CommonConfigurations.getIntProperty("http.socket.timeout");
|
||||
|
||||
public static final Long KNOWLEDGE_EXECUTION_INTERVAL = CommonConfigurations.getLongProperty("knowledge.execution.interval");
|
||||
|
||||
|
||||
public static final String KNOWLEDGE_BASE_URL = CommonConfigurations.getStringProperty("knowledge.base.uri");
|
||||
public static final String KNOWLEDGE_BASE_PATH = CommonConfigurations.getStringProperty("knowledge.base.path");
|
||||
public static final String IP_USER_DEFINED_KD_ID = CommonConfigurations.getStringProperty("ip.user.defined.kd.id");
|
||||
public static final String IP_BUILTIN_KD_ID = CommonConfigurations.getStringProperty("ip.builtin.kd.id");
|
||||
|
||||
|
||||
public static final String BIFANG_SERVER_TOKEN = CommonConfigurations.getStringProperty("bifang.server.token");
|
||||
|
||||
|
||||
public static final Integer STATIC_SENSITIVITY_THRESHOLD = CommonConfigurations.getIntProperty("static.sensitivity.threshold");
|
||||
public static final Double BASELINE_SENSITIVITY_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sensitivity.threshold");
|
||||
|
||||
public static final Double BASELINE_SESSIONS_MINOR_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sessions.minor.threshold");
|
||||
|
||||
|
||||
public static final Double BASELINE_SESSIONS_WARNING_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sessions.warning.threshold");
|
||||
|
||||
public static final Double BASELINE_SESSIONS_MAJOR_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sessions.major.threshold");
|
||||
|
||||
public static final Double BASELINE_SESSIONS_SEVERE_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sessions.severe.threshold");
|
||||
public static final Double BASELINE_SESSIONS_CRITICAL_THRESHOLD = CommonConfigurations.getDoubleProperty("baseline.sessions.critical.threshold");
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -6,26 +6,26 @@ import java.io.Serializable;
|
||||
*
|
||||
*/
|
||||
public class KnowlegeBaseMeta implements Serializable {
|
||||
private String id;
|
||||
private String kb_id;
|
||||
private String name;
|
||||
private String sha256;
|
||||
private String format;
|
||||
private String path;
|
||||
|
||||
public KnowlegeBaseMeta(String id, String name, String sha256, String format, String path) {
|
||||
this.id = id;
|
||||
public KnowlegeBaseMeta(String kd_id, String name, String sha256, String format, String path) {
|
||||
this.kb_id = kd_id;
|
||||
this.name = name;
|
||||
this.sha256 = sha256;
|
||||
this.format = format;
|
||||
this.path = path;
|
||||
}
|
||||
|
||||
public String getId() {
|
||||
return id;
|
||||
public String getKb_id() {
|
||||
return kb_id;
|
||||
}
|
||||
|
||||
public void setId(String id) {
|
||||
this.id = id;
|
||||
public void setKb_id(String kb_id) {
|
||||
this.kb_id = kb_id;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
@@ -63,7 +63,7 @@ public class KnowlegeBaseMeta implements Serializable {
|
||||
@Override
|
||||
public String toString() {
|
||||
return "KnowlegeBaseMeta{" +
|
||||
"id='" + id + '\'' +
|
||||
"kb_id='" + kb_id + '\'' +
|
||||
", name='" + name + '\'' +
|
||||
", sha256='" + sha256 + '\'' +
|
||||
", format='" + format + '\'' +
|
||||
|
||||
@@ -6,7 +6,6 @@ import com.geedgenetworks.utils.DateUtils;
|
||||
import com.geedgenetworks.utils.StringUtil;
|
||||
import com.zdjizhi.common.*;
|
||||
import com.zdjizhi.utils.*;
|
||||
import com.zdjizhi.utils.connections.nacos.NacosUtils;
|
||||
import inet.ipaddr.IPAddress;
|
||||
import inet.ipaddr.IPAddressString;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
@@ -102,7 +101,7 @@ public class DosDetection extends ProcessFunction<DosSketchLog, DosEventLog> {
|
||||
|
||||
private DosEventLog getDosEventLogBySensitivityThreshold(DosSketchLog value) {
|
||||
long sketchSessions = value.getSketch_sessions();
|
||||
Integer staticSensitivityThreshold = NacosUtils.getIntProperty("static.sensitivity.threshold");
|
||||
Integer staticSensitivityThreshold = FlowWriteConfig.STATIC_SENSITIVITY_THRESHOLD;
|
||||
long diff = sketchSessions - staticSensitivityThreshold;
|
||||
return getDosEventLog(value, staticSensitivityThreshold, diff, 0, SENSITIVITY_CONDITION_TYPE, SESSIONS_TAG);
|
||||
}
|
||||
@@ -162,9 +161,9 @@ public class DosDetection extends ProcessFunction<DosSketchLog, DosEventLog> {
|
||||
if (diff > 0 && base != 0) {
|
||||
double percent = getDiffPercent(diff, base);
|
||||
Severity severity = judgeSeverity(percent);
|
||||
Integer staticSensitivityThreshold = NacosUtils.getIntProperty("static.sensitivity.threshold");
|
||||
Integer staticSensitivityThreshold = FlowWriteConfig.STATIC_SENSITIVITY_THRESHOLD;
|
||||
if (severity != Severity.NORMAL) {
|
||||
if (type == BASELINE_CONDITION_TYPE && percent < NacosUtils.getDoubleProperty("baseline.sensitivity.threshold")) {
|
||||
if (type == BASELINE_CONDITION_TYPE && percent < FlowWriteConfig.BASELINE_SENSITIVITY_THRESHOLD) {
|
||||
logger.debug("当前server IP:{},类型:{},基线值{}百分比{}未超过基线敏感阈值,日志详情\n{}", destinationIp, attackType, base, percent, value);
|
||||
} else if ((type == BASELINE_CONDITION_TYPE || type == SENSITIVITY_CONDITION_TYPE) && value.getSketch_sessions() < staticSensitivityThreshold) {
|
||||
logger.debug("当前server IP:{},类型:{},基线值{}百分比{}未超过静态敏感阈值,日志详情\n{}", destinationIp, attackType, base, percent, value);
|
||||
@@ -220,8 +219,8 @@ public class DosDetection extends ProcessFunction<DosSketchLog, DosEventLog> {
|
||||
logger.debug("获取到当前IP: {},类型: {} baseline值为0,替换为P95观测值{}", value.getDestination_ip(), value.getAttack_type(), defaultVaule);
|
||||
base = defaultVaule;
|
||||
}
|
||||
if (sessionRateBaselineType == OTHER_BASELINE_TYPE && base < NacosUtils.getIntProperty("static.sensitivity.threshold")) {
|
||||
base = NacosUtils.getIntProperty("static.sensitivity.threshold");
|
||||
if (sessionRateBaselineType == OTHER_BASELINE_TYPE && base < FlowWriteConfig.STATIC_SENSITIVITY_THRESHOLD) {
|
||||
base = FlowWriteConfig.STATIC_SENSITIVITY_THRESHOLD;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -309,15 +308,15 @@ public class DosDetection extends ProcessFunction<DosSketchLog, DosEventLog> {
|
||||
}
|
||||
|
||||
private Severity judgeSeverity(double diffPercent) {
|
||||
if (diffPercent >= NacosUtils.getDoubleProperty("baseline.sessions.minor.threshold") && diffPercent < NacosUtils.getDoubleProperty("baseline.sessions.warning.threshold")) {
|
||||
if (diffPercent >= FlowWriteConfig.BASELINE_SESSIONS_MINOR_THRESHOLD && diffPercent < FlowWriteConfig.BASELINE_SESSIONS_WARNING_THRESHOLD) {
|
||||
return Severity.MINOR;
|
||||
} else if (diffPercent >= NacosUtils.getDoubleProperty("baseline.sessions.warning.threshold") && diffPercent < NacosUtils.getDoubleProperty("baseline.sessions.major.threshold")) {
|
||||
} else if (diffPercent >= FlowWriteConfig.BASELINE_SESSIONS_WARNING_THRESHOLD && diffPercent < FlowWriteConfig.BASELINE_SESSIONS_MAJOR_THRESHOLD) {
|
||||
return Severity.WARNING;
|
||||
} else if (diffPercent >= NacosUtils.getDoubleProperty("baseline.sessions.major.threshold") && diffPercent < NacosUtils.getDoubleProperty("baseline.sessions.severe.threshold")) {
|
||||
} else if (diffPercent >= FlowWriteConfig.BASELINE_SESSIONS_MAJOR_THRESHOLD && diffPercent < FlowWriteConfig.BASELINE_SESSIONS_SEVERE_THRESHOLD) {
|
||||
return Severity.MAJOR;
|
||||
} else if (diffPercent >= NacosUtils.getDoubleProperty("baseline.sessions.severe.threshold") && diffPercent < NacosUtils.getDoubleProperty("baseline.sessions.critical.threshold")) {
|
||||
} else if (diffPercent >= FlowWriteConfig.BASELINE_SESSIONS_SEVERE_THRESHOLD && diffPercent < FlowWriteConfig.BASELINE_SESSIONS_CRITICAL_THRESHOLD) {
|
||||
return Severity.SEVERE;
|
||||
} else if (diffPercent >= NacosUtils.getDoubleProperty("baseline.sessions.critical.threshold")) {
|
||||
} else if (diffPercent >= FlowWriteConfig.BASELINE_SESSIONS_CRITICAL_THRESHOLD) {
|
||||
return Severity.CRITICAL;
|
||||
} else {
|
||||
return Severity.NORMAL;
|
||||
|
||||
@@ -81,7 +81,6 @@ public class EtlProcessFunction extends ProcessWindowFunction<DosSketchLog, DosS
|
||||
}else if (recvtime > newSketchLog.getCommon_recv_time()){
|
||||
recvtime = newSketchLog.getCommon_recv_time();
|
||||
}
|
||||
System.out.println(newSketchLog.getCommon_recv_time());
|
||||
String sourceIp = newSketchLog.getSource_ip();
|
||||
if (StringUtils.equals(sourceIp,EMPTY_SOURCE_IP_IPV4) || StringUtils.equals(sourceIp,EMPTY_SOURCE_IP_IPV6)){
|
||||
sessions += newSketchLog.getSketch_sessions();
|
||||
|
||||
@@ -4,14 +4,10 @@ import cn.hutool.log.Log;
|
||||
import cn.hutool.log.LogFactory;
|
||||
import com.alibaba.fastjson2.JSON;
|
||||
import com.alibaba.fastjson2.JSONObject;
|
||||
//import com.fasterxml.jackson.databind.JavaType;
|
||||
import com.zdjizhi.common.FlowWriteConfig;
|
||||
import com.zdjizhi.common.DosDetectionThreshold;
|
||||
import com.zdjizhi.common.DosVsysId;
|
||||
import com.zdjizhi.utils.HttpClientUtils;
|
||||
//import com.zdjizhi.utils.JsonMapper;
|
||||
|
||||
import com.zdjizhi.utils.connections.nacos.NacosUtils;
|
||||
import inet.ipaddr.IPAddress;
|
||||
import inet.ipaddr.IPAddressString;
|
||||
import org.apache.flink.shaded.guava18.com.google.common.collect.Range;
|
||||
@@ -89,7 +85,7 @@ public class ParseStaticThreshold {
|
||||
// parms.put("orderBy", "vsysId desc");
|
||||
parms.put("type", 1);
|
||||
HttpClientUtils.setUrlWithParams(uriBuilder, FlowWriteConfig.BIFANG_SERVER_POLICY_VSYSID_PATH, parms);
|
||||
String token = NacosUtils.getStringProperty("bifang.server.token");
|
||||
String token = FlowWriteConfig.BIFANG_SERVER_TOKEN;
|
||||
if (!HttpClientUtils.ERROR_MESSAGE.equals(token)) {
|
||||
BasicHeader authorization = new BasicHeader("Authorization", token);
|
||||
BasicHeader authorization1 = new BasicHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||
@@ -138,7 +134,7 @@ public class ParseStaticThreshold {
|
||||
parms.put("is_valid", 1);
|
||||
parms.put("vsys_id", vsysId);
|
||||
HttpClientUtils.setUrlWithParams(uriBuilder, FlowWriteConfig.BIFANG_SERVER_POLICY_THRESHOLD_PATH, parms);
|
||||
String token = NacosUtils.getStringProperty("bifang.server.token");
|
||||
String token = FlowWriteConfig.BIFANG_SERVER_TOKEN;
|
||||
if (!HttpClientUtils.ERROR_MESSAGE.equals(token)) {
|
||||
BasicHeader authorization = new BasicHeader("Authorization", token);
|
||||
BasicHeader authorization1 = new BasicHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||
|
||||
@@ -4,20 +4,21 @@ import cn.hutool.crypto.digest.DigestUtil;
|
||||
import cn.hutool.log.Log;
|
||||
import cn.hutool.log.LogFactory;
|
||||
import com.alibaba.fastjson2.*;
|
||||
import com.alibaba.nacos.api.config.ConfigService;
|
||||
import com.alibaba.nacos.api.config.listener.Listener;
|
||||
import com.alibaba.nacos.api.exception.NacosException;
|
||||
import com.geedgenetworks.utils.IpLookupV2;
|
||||
import com.geedgenetworks.utils.StringUtil;
|
||||
import com.google.common.base.Joiner;
|
||||
import com.zdjizhi.common.FlowWriteConfig;
|
||||
import com.zdjizhi.common.pojo.KnowlegeBaseMeta;
|
||||
import com.zdjizhi.utils.connections.http.HttpClientService;
|
||||
import com.zdjizhi.utils.connections.nacos.NacosConnection;
|
||||
import org.apache.http.client.utils.URIBuilder;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.net.URISyntaxException;
|
||||
import java.util.HashMap;
|
||||
import java.util.concurrent.Executor;
|
||||
import java.util.Map;
|
||||
import java.util.Timer;
|
||||
import java.util.TimerTask;
|
||||
|
||||
|
||||
/**
|
||||
* @author wangchengcheng
|
||||
@@ -53,47 +54,39 @@ public class IpLookupUtils {
|
||||
*/
|
||||
private static final HashMap<String, KnowlegeBaseMeta> knowledgeMetaCache = new HashMap<>(16);
|
||||
|
||||
private static String currentSha256IpUserDefined = "";
|
||||
|
||||
private static String currentSha256IpBuiltin = "";
|
||||
|
||||
static {
|
||||
JSONPath jsonPath = JSONPath.of(getFilterParameter());
|
||||
httpClientService = new HttpClientService();
|
||||
|
||||
NacosConnection nacosConnection = new NacosConnection();
|
||||
ConfigService schemaService = nacosConnection.getPublicService();
|
||||
try {
|
||||
String configInfo = schemaService.getConfigAndSignListener(FlowWriteConfig.NACOS_KNOWLEDGEBASE_DATA_ID, FlowWriteConfig.NACOS_PUBLIC_GROUP, FlowWriteConfig.NACOS_CONNECTION_TIMEOUT, new Listener() {
|
||||
@Override
|
||||
public Executor getExecutor() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void receiveConfigInfo(String configInfo) {
|
||||
if (StringUtil.isNotBlank(configInfo)) {
|
||||
updateIpLookup(jsonPath, configInfo);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
if (StringUtil.isNotBlank(configInfo)) {
|
||||
updateIpLookup(jsonPath, configInfo);
|
||||
stuffKnowledgeMetaCache();
|
||||
Timer timer = new Timer();
|
||||
timer.schedule(new TimerTask() {
|
||||
@Override
|
||||
public void run() {
|
||||
stuffKnowledgeMetaCache();
|
||||
}
|
||||
} catch (NacosException e) {
|
||||
logger.error("Get Schema config from Nacos error,The exception message is :" + e.getMessage());
|
||||
}
|
||||
}, 0, FlowWriteConfig.KNOWLEDGE_EXECUTION_INTERVAL);
|
||||
}
|
||||
|
||||
private static void updateIpLookup(JSONPath jsonPath, String configInfo) {
|
||||
String extract = jsonPath.extract(JSONReader.of(configInfo)).toString();
|
||||
if (StringUtil.isNotBlank(extract)) {
|
||||
JSONArray jsonArray = JSON.parseArray(extract);
|
||||
if (jsonArray.size() > 0) {
|
||||
for (int i = 0; i < jsonArray.size(); i++) {
|
||||
KnowlegeBaseMeta knowlegeBaseMeta = JSONObject.parseObject(jsonArray.getString(i), KnowlegeBaseMeta.class);
|
||||
String fileName = Joiner.on(LOCATION_SEPARATOR).useForNull("").join(knowlegeBaseMeta.getName(), knowlegeBaseMeta.getFormat());
|
||||
knowledgeMetaCache.put(fileName, knowlegeBaseMeta);
|
||||
}
|
||||
reloadIpLookup();
|
||||
}
|
||||
|
||||
|
||||
private static void stuffKnowledgeMetaCache(){
|
||||
final KnowlegeBaseMeta ipBuiltinknowlegeBaseMeta = getKnowlegeBaseMeta(FlowWriteConfig.IP_BUILTIN_KD_ID);
|
||||
if (!currentSha256IpBuiltin.equals(ipBuiltinknowlegeBaseMeta.getSha256())) {
|
||||
String fileName = Joiner.on(LOCATION_SEPARATOR).useForNull("").join(ipBuiltinknowlegeBaseMeta.getName(), ipBuiltinknowlegeBaseMeta.getFormat());
|
||||
knowledgeMetaCache.put(fileName, ipBuiltinknowlegeBaseMeta);
|
||||
}
|
||||
final KnowlegeBaseMeta ipUserDefinedknowlegeBaseMeta = getKnowlegeBaseMeta(FlowWriteConfig.IP_USER_DEFINED_KD_ID);
|
||||
if (!currentSha256IpUserDefined.equals(ipUserDefinedknowlegeBaseMeta.getSha256())) {
|
||||
String fileName = Joiner.on(LOCATION_SEPARATOR).useForNull("").join(ipUserDefinedknowlegeBaseMeta.getName(), ipUserDefinedknowlegeBaseMeta.getFormat());
|
||||
knowledgeMetaCache.put(fileName, ipUserDefinedknowlegeBaseMeta);
|
||||
}
|
||||
if (!currentSha256IpUserDefined.equals(ipUserDefinedknowlegeBaseMeta.getSha256()) || !currentSha256IpBuiltin.equals(ipBuiltinknowlegeBaseMeta.getSha256())) {
|
||||
currentSha256IpBuiltin = ipBuiltinknowlegeBaseMeta.getSha256();
|
||||
currentSha256IpUserDefined = ipUserDefinedknowlegeBaseMeta.getSha256();
|
||||
reloadIpLookup();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -126,7 +119,7 @@ public class IpLookupUtils {
|
||||
System.out.println("update " + fileName + " finished, speed :" + (System.currentTimeMillis() - startTime) + "ms");
|
||||
retryNum = TRY_TIMES;
|
||||
} else {
|
||||
logger.error("通过HOS下载{}的sha256为:{} ,Nacos内记录为:{} ,sha256不相等 开始第{}次重试下载文件", fileName, downloadFileSha256, metaSha256, retryNum);
|
||||
logger.error("通过HOS下载{}的sha256为:{} ,网关内记录为:{} ,sha256不相等 开始第{}次重试下载文件", fileName, downloadFileSha256, metaSha256, retryNum);
|
||||
retryNum++;
|
||||
}
|
||||
} else {
|
||||
@@ -138,14 +131,13 @@ public class IpLookupUtils {
|
||||
ipLookup = builder.build();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 根据配置组合生成知识库元数据过滤参数
|
||||
*
|
||||
* @return 过滤参数
|
||||
*/
|
||||
private static String getFilterParameter() {
|
||||
// String expr = "$.[?(@.version=='latest' && @.name in ['ip_built_in','ip_user_defined'])].['name','sha256','format','path']";
|
||||
|
||||
|
||||
String expr = "[?(@.version=='latest')][?(@.name in ('ip_builtin','ip_user_defined'))]";
|
||||
|
||||
@@ -156,5 +148,35 @@ public class IpLookupUtils {
|
||||
return ipLookup.countryLookup(ip);
|
||||
}
|
||||
|
||||
|
||||
private static KnowlegeBaseMeta getKnowlegeBaseMeta(String kd_id) {
|
||||
KnowlegeBaseMeta knowlegeBaseMeta = null;
|
||||
String knowledgeInfo = null;
|
||||
try {
|
||||
URIBuilder uriBuilder = new URIBuilder(FlowWriteConfig.KNOWLEDGE_BASE_URL);
|
||||
HashMap<String, Object> parms = new HashMap<>();
|
||||
parms.put("kb_id", kd_id);
|
||||
HttpClientUtils.setUrlWithParams(uriBuilder, FlowWriteConfig.KNOWLEDGE_BASE_PATH, parms);
|
||||
knowledgeInfo = HttpClientUtils.httpGet(uriBuilder.build());
|
||||
if (knowledgeInfo.contains("200")) {
|
||||
final Map<String, Object> jsonObject = JSONObject.parseObject(knowledgeInfo, Map.class);
|
||||
JSONPath jsonPath = JSONPath.of(getFilterParameter());
|
||||
String extract = jsonPath.extract(JSONReader.of(jsonObject.get("data").toString())).toString();
|
||||
if (StringUtil.isNotBlank(extract)) {
|
||||
JSONArray jsonArray = JSON.parseArray(extract);
|
||||
if (jsonArray.size() > 0) {
|
||||
for (int i = 0; i < jsonArray.size(); i++) {
|
||||
knowlegeBaseMeta = JSONObject.parseObject(jsonArray.getString(i), KnowlegeBaseMeta.class);
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
logger.error("获取knowledge_base失败,请求回执为" + knowledgeInfo);
|
||||
}
|
||||
} catch (URISyntaxException e) {
|
||||
logger.error("构造URI异常", e);
|
||||
} catch (Exception e) {
|
||||
logger.error("获取knowledge_base失败", e);
|
||||
}
|
||||
return knowlegeBaseMeta;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,54 +0,0 @@
|
||||
package com.zdjizhi.utils.connections.nacos;
|
||||
|
||||
import cn.hutool.log.Log;
|
||||
import cn.hutool.log.LogFactory;
|
||||
import com.alibaba.nacos.api.NacosFactory;
|
||||
import com.alibaba.nacos.api.PropertyKeyConst;
|
||||
import com.alibaba.nacos.api.config.ConfigService;
|
||||
import com.alibaba.nacos.api.exception.NacosException;
|
||||
import com.zdjizhi.common.FlowWriteConfig;
|
||||
|
||||
|
||||
import java.util.Properties;
|
||||
|
||||
/**
|
||||
* @author qidaijie
|
||||
* @Package com.zdjizhi.tools.connections.nacos
|
||||
* @Description:
|
||||
* @date 2023/7/2714:49
|
||||
*/
|
||||
public class NacosConnection {
|
||||
private static final Log logger = LogFactory.get();
|
||||
|
||||
private ConfigService configService;
|
||||
|
||||
|
||||
public ConfigService getDosService() {
|
||||
Properties properties = new Properties();
|
||||
properties.setProperty(PropertyKeyConst.SERVER_ADDR, FlowWriteConfig.NACOS_SERVER);
|
||||
properties.setProperty(PropertyKeyConst.NAMESPACE, FlowWriteConfig.NACOS_DOS_NAMESPACE);
|
||||
properties.setProperty(PropertyKeyConst.USERNAME, FlowWriteConfig.NACOS_USERNAME);
|
||||
properties.setProperty(PropertyKeyConst.PASSWORD, FlowWriteConfig.NACOS_PIN);
|
||||
try {
|
||||
configService = NacosFactory.createConfigService(properties);
|
||||
} catch (NacosException e) {
|
||||
logger.error("NacosException:{}", e);
|
||||
}
|
||||
return configService;
|
||||
}
|
||||
|
||||
|
||||
public ConfigService getPublicService() {
|
||||
Properties properties = new Properties();
|
||||
properties.setProperty(PropertyKeyConst.SERVER_ADDR, FlowWriteConfig.NACOS_SERVER);
|
||||
properties.setProperty(PropertyKeyConst.NAMESPACE, FlowWriteConfig.NACOS_PUBLIC_NAMESPACE);
|
||||
properties.setProperty(PropertyKeyConst.USERNAME, FlowWriteConfig.NACOS_USERNAME);
|
||||
properties.setProperty(PropertyKeyConst.PASSWORD, FlowWriteConfig.NACOS_PIN);
|
||||
try {
|
||||
configService = NacosFactory.createConfigService(properties);
|
||||
} catch (NacosException e) {
|
||||
logger.error("NacosException:{}", e);
|
||||
}
|
||||
return configService;
|
||||
}
|
||||
}
|
||||
@@ -1,69 +0,0 @@
|
||||
package com.zdjizhi.utils.connections.nacos;
|
||||
|
||||
import cn.hutool.log.Log;
|
||||
import cn.hutool.log.LogFactory;
|
||||
import com.alibaba.nacos.api.config.ConfigService;
|
||||
import com.alibaba.nacos.api.config.listener.Listener;
|
||||
import com.zdjizhi.common.FlowWriteConfig;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.StringReader;
|
||||
import java.util.Properties;
|
||||
import java.util.concurrent.Executor;
|
||||
|
||||
public class NacosUtils {
|
||||
private static final Log logger = LogFactory.get();
|
||||
private static Properties commonProperties = new Properties();
|
||||
|
||||
static {
|
||||
NacosConnection nacosConnection = new NacosConnection();
|
||||
ConfigService dosService = nacosConnection.getDosService();
|
||||
try {
|
||||
String config = dosService.getConfig(FlowWriteConfig.NACOS_DOS_DATA_ID, FlowWriteConfig.NACOS_DOS_GROUP, FlowWriteConfig.NACOS_CONNECTION_TIMEOUT);
|
||||
|
||||
commonProperties.load(new StringReader(config));
|
||||
|
||||
dosService.addListener(FlowWriteConfig.NACOS_DOS_DATA_ID, FlowWriteConfig.NACOS_DOS_GROUP, new Listener() {
|
||||
@Override
|
||||
public Executor getExecutor() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void receiveConfigInfo(String configMsg) {
|
||||
try {
|
||||
commonProperties.clear();
|
||||
commonProperties.load(new StringReader(configMsg));
|
||||
} catch (IOException e) {
|
||||
logger.error("监听nacos配置失败", e);
|
||||
}
|
||||
System.out.println(configMsg);
|
||||
}
|
||||
});
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
logger.error("获取nacos配置失败", e);
|
||||
}
|
||||
}
|
||||
|
||||
public static String getStringProperty(String key) {
|
||||
return commonProperties.getProperty(key);
|
||||
}
|
||||
|
||||
public static Integer getIntProperty(String key) {
|
||||
return Integer.parseInt(commonProperties.getProperty(key));
|
||||
}
|
||||
|
||||
public static Double getDoubleProperty(String key) {
|
||||
return Double.parseDouble(commonProperties.getProperty(key));
|
||||
}
|
||||
|
||||
public static Long getLongProperty(String key) {
|
||||
return Long.parseLong(commonProperties.getProperty(key));
|
||||
}
|
||||
|
||||
public static Boolean getBooleanProperty(String key) {
|
||||
return "true".equals(commonProperties.getProperty(key).toLowerCase().trim());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -8,11 +8,11 @@ stream.execution.job.name=DOS-DETECTION-APPLICATION
|
||||
kafka.input.parallelism=3
|
||||
|
||||
#输入kafka topic名
|
||||
kafka.input.topic.name=test
|
||||
kafka.input.topic.name=DOS-SKETCH-RECORD
|
||||
|
||||
#输入kafka地址
|
||||
kafka.input.bootstrap.servers=192.168.44.12:9094
|
||||
#kafka.input.bootstrap.servers=192.168.44.11:9094,192.168.44.14:9094,192.168.44.15:9094
|
||||
#kafka.input.bootstrap.servers=192.168.44.12:9094
|
||||
kafka.input.bootstrap.servers=192.168.44.11:9094,192.168.44.14:9094,192.168.44.15:9094
|
||||
|
||||
#读取kafka group id
|
||||
kafka.input.group.id=dos-detection-job-221125-23132
|
||||
@@ -74,23 +74,6 @@ destination.ip.partition.num=10000
|
||||
|
||||
data.center.id.num=15
|
||||
|
||||
|
||||
#bifang服务访问地址
|
||||
bifang.server.uri=http://192.168.44.72
|
||||
#bifang.server.uri=http://192.168.44.3:80
|
||||
|
||||
#加密密码路径信息
|
||||
bifang.server.encryptpwd.path=/v1/user/encryptpwd
|
||||
|
||||
#登录bifang服务路径信息
|
||||
bifang.server.login.path=/v1/user/login
|
||||
|
||||
#获取vaysId路径信息
|
||||
bifang.server.policy.vaysid.path=/v1/admin/vsys
|
||||
|
||||
#获取静态阈值路径信息
|
||||
bifang.server.policy.threshold.path=/v1/policy/profile/dos_detection
|
||||
|
||||
#http请求相关参数
|
||||
#最大连接数
|
||||
http.pool.max.connection=400
|
||||
@@ -121,19 +104,46 @@ sasl.jaas.config.password=6MleDyA3Z73HSaXiKsDJ2k7Ys8YWLhEJ
|
||||
#是否开启kafka用户认证配置,1:是;0:否
|
||||
sasl.jaas.config.flag=1
|
||||
|
||||
############################## Nacos 配置 ######################################
|
||||
nacos.server.addr=192.168.44.12:8848
|
||||
nacos.username=nacos
|
||||
nacos.password=nacos
|
||||
############################## Nacos ---知识库配置 ######################################
|
||||
nacos.namespace=public
|
||||
nacos.data.id=knowledge_base.json
|
||||
nacos.group=DEFAULT_GROUP
|
||||
nacos.connection.timeout=60000
|
||||
http.socket.timeout=90000
|
||||
|
||||
############################## Knowledge Base 配置 ######################################
|
||||
knowledge.execution.interval=30000
|
||||
knowledge.base.uri=http://192.168.44.12:9999
|
||||
knowledge.base.path=/v1/knowledge_base
|
||||
ip.user.defined.kd.id=004390bc-3135-4a6f-a492-3662ecb9e289
|
||||
ip.builtin.kd.id=64af7077-eb9b-4b8f-80cf-2ceebc89bea9
|
||||
|
||||
############################## Bifang Server 配置 ######################################
|
||||
bifang.server.token=aa2bdec5518ad131f71944b13ce5c298&1&
|
||||
#bifang服务访问地址
|
||||
bifang.server.uri=http://192.168.44.72
|
||||
#bifang.server.uri=http://192.168.44.3:80
|
||||
|
||||
#加密密码路径信息
|
||||
bifang.server.encryptpwd.path=/v1/user/encryptpwd
|
||||
|
||||
#登录bifang服务路径信息
|
||||
bifang.server.login.path=/v1/user/login
|
||||
|
||||
#获取vaysId路径信息
|
||||
bifang.server.policy.vaysid.path=/v1/admin/vsys
|
||||
|
||||
#获取静态阈值路径信息
|
||||
bifang.server.policy.threshold.path=/v1/policy/profile/dos_detection
|
||||
|
||||
|
||||
############################## 基线 配置 ######################################
|
||||
static.sensitivity.threshold=1
|
||||
#基线敏感阈值
|
||||
baseline.sensitivity.threshold=0.2
|
||||
|
||||
#基于baseline判定dos攻击的上下限
|
||||
baseline.sessions.minor.threshold=0.2
|
||||
baseline.sessions.warning.threshold=1
|
||||
baseline.sessions.major.threshold=2.5
|
||||
baseline.sessions.severe.threshold=5
|
||||
baseline.sessions.critical.threshold=8
|
||||
|
||||
|
||||
|
||||
############################## Nacos ---静态阈值配置 ######################################
|
||||
nacos.dos.namespace=test
|
||||
nacos.dos.data.id=dos_detection.properties
|
||||
nacos.dos.group=Galaxy
|
||||
|
||||
http.socket.timeout=90000
|
||||
@@ -55,7 +55,7 @@ public class NacosTest {
|
||||
String content = configService.getConfig(DATA_ID, GROUP, 5000);
|
||||
Properties nacosConfigMap = new Properties();
|
||||
nacosConfigMap.load(new StringReader(content));
|
||||
System.out.println(nacosConfigMap.getProperty("static.sensitivity.threshold"));
|
||||
System.out.println(FlowWriteConfig.STATIC_SENSITIVITY_THRESHOLD);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user